Many fintech companies collect and process vast amounts of data in order to provide financial services quickly and inexpensively. Much of this data is highly sensitive personal information such as date of birth, social insurance number, bank account details, online banking credentials and credit score. The sheer volume of the information increases its sensitivity because over time a fintech company may generate a very detailed and complete picture of an individual. As a result, data security and compliance with applicable privacy legislation are of critical importance. Here are four privacy and security tips for fintech companies.

1. Build privacy protective controls and security safeguards into the technology as it is developed.

For a young fintech company, a data breach could have devastating impacts on customer trust and investor confidence, so most fintech companies are taking privacy and data security seriously. Fintech companies may even have an advantage over existing financial services providers in this regard, since they can build privacy protective controls and security safeguards into the technology as it is developed, rather than having to fit them into existing processes and systems retroactively.

2. Develop and operationalize robust information governance programs.

Because of the rapid pace at which fintech is developed and commercialized, fintech companies may be pushed to start collecting and processing personal information before their privacy and security frameworks are fully developed. This creates unnecessary risk from a privacy and security perspective.

During the Office of the Privacy Commissioner of Canada’s (OPC) investigation into the Ashley Madison data breach, Avid Life Media Inc. (ALM), operator of the Ashley Madison website, admitted that it had gone through a rapid period of growth leading up to the time of the data breach and that it was, at that time, in the process of documenting its security procedures and improving its information security posture.